Dailydave mailing list archives
Re: Vuln scoring system anyone?
From: Brian <bmc () snort org>
Date: Tue, 1 Mar 2005 16:23:38 -0500
On Tue, Mar 01, 2005 at 04:00:55PM -0500, security curmudgeon wrote:
> What if someone posted a Snort signature for a new vuln before a vendor ack'd it? You have no proof that it's a valid vulnerability yourself, but you have a detailed advisory from a reputable security researcher and a respected snort sig writer that tested the vulnerability and wrote a signature to monitor for exploitation. That has to count for something, yes?

Reputable & Respected count for quite a bit. Both of those words were missing from your first email.

Who decides who is reputable & respected? Since this conversation is on dailydave, I'll use Dave as an example. (Sorry Dave.) Do you trust Dave's commentary? If you do, how do you know Dave made the comment, since he doesn't cryptographically sign his emails?

I'm all for a better classification of vulnerabilities. The classification that I use for snort rules is *HORRID*. A decent standard would be very useful. However, I foresee many problems with attaching respect to vulnerability classification.

Brian